Re: [exim] DKIM verification and envelope-from

Góra strony
Delete this message
Reply to this message
Autor: Robert Wysocki
Data:  
Dla: exim-users
Temat: Re: [exim] DKIM verification and envelope-from
Dnia 2012-04-27, pią o godzinie 18:05 +0000, Murray S. Kucherawy pisze:
> > -----Original Message-----
> > From: exim-users-bounces+msk=cloudmark.com@??? [mailto:exim-users-bounces+msk=cloudmark.com@exim.org] On Behalf Of Robert Wysocki
> > Sent: Thursday, April 26, 2012 4:08 AM
> > To: exim-users@???
> > Subject: [exim] DKIM verification and envelope-from
> >
> > I'm trying to achieve configuration that would verify DKIM signatures
> > for known signers.
> > Everything works fine until envelope-from address is one of known
> > signers. But many spams have envelope-from set differently than From:
> > header, eg. injectingy472@??? in envelope-from and
> > something@??? in From: header.
> > This enables them to bypass DKIM signature checks and therefor to
> > bypass one of the anti-spam mechanisms.
> >
> > How can I instruct exim to include From: headers' content in known
> > signers checks?
>
> Why wouldn't you base the "known-signer" test on From: instead of the envelope sender?


I would like to, but can I?
Isn't the decision to evaluate acl_smtp_dkim based on envelope sender?

Regards,
--
Robert Wysocki
administrator systemów linuksowych
CONTIUM S.A., http://www.contium.pl